From 5a6727811acc13d8ca6379161758c7d1a37bdc05 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Mon, 6 May 2024 12:38:21 +0200
Subject: [PATCH] ozg-3938 use projected volume
---
 src/main/helm/templates/deployment.yaml | 22 +++++++-------
 src/test/helm/deployment_grpc_tls_test.yaml | 29 +++++++++----------
 .../src/main/resources/application.yml | 4 +--
 3 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index aadf0568c..ece9546f8 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -312,16 +312,10 @@ spec:
 readOnly: true
 {{- end }}
 - name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
 readOnly: true
 - name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: "/grpc-tls"
 readOnly: true
 volumes:
 - name: bindings
@@ -343,8 +337,16 @@ spec:
 secretName: vorgang-manager-grpc-tls-cert
 optional: true
 - name: namespace-ca-cert
- secret:
- secretName: {{ include "app.namespace" . }}-ca-cert
+ projected:
+ sources:
+ - secret:
+ name: {{ include "app.namespace" . }}-ca-cert
+ optional: true
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - configMap:
+ name: bindings-type
 dnsConfig: {}
 dnsPolicy: ClusterFirst
 imagePullSecrets:
diff --git a/src/test/helm/deployment_grpc_tls_test.yaml b/src/test/helm/deployment_grpc_tls_test.yaml
index 2004d551f..91494cfe6 100644
--- a/src/test/helm/deployment_grpc_tls_test.yaml
+++ b/src/test/helm/deployment_grpc_tls_test.yaml
@@ -31,6 +31,7 @@ templates:
 set:
 ozgcloud:
 environment: test
+ imagePullSecret: test-image-pull-secret
 tests:
 - it: should have volume for grpc-tls-cert
 template: deployment.yaml
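Review bot: Mounting `vorgang-manager-grpc-tls-cert` as the whole directory `/grpc-tls` exposes every key of that secret to the container, at the default file mode (0644 unless `defaultMode` is set), where the old subPath mounts exposed exactly two files. The volume definition lies outside this hunk (only its `secretName` / `optional: true` tail is visible as context in the next one), so the suggestion applies there: add `items:` listing only `tls.crt` and `tls.key`, and consider a tighter `defaultMode` for the private key if the container's user/fsGroup setup allows it. A comment beside the mount, e.g. `# directory mount (no subPath) so rotated secret content reaches the pod`, would record what is presumably the reason for the change.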
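Review bot: `optional: true` on the CA secret source in the new `projected` volume turns a missing secret, or a secret without a `ca.crt` key, into a silent condition: the pod starts with only the `bindings-type` content under `/bindings/namespace-certificate`, and the namespace CA is presumably never loaded as a trusted certificate. The removed definition read `tls.crt` and was not optional, so a namespace whose secret still lacks `ca.crt` would have failed at pod creation before and now fails later, at TLS handshake time, which is harder to diagnose. Unless the CA really is optional, drop `optional: true` or gate it behind a chart value. The `configMap` source `bindings-type` is required and is not created anywhere in this patch, so confirm it exists in every target namespace.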
@@ -49,18 +50,7 @@ tests:
 path: spec.template.spec.containers[0].volumeMounts
 content:
 name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - it: should have volume mount for grpc-tls-cert key
- template: deployment.yaml
- asserts:
- - contains:
- path: spec.template.spec.containers[0].volumeMounts
- content:
- name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: /grpc-tls
 readOnly: true
 - it: should have volume for namespace ca-cert
 template: deployment.yaml
@@ -69,8 +59,16 @@ tests:
 path: spec.template.spec.volumes
 content:
 name: namespace-ca-cert
- secret:
- secretName: sh-helm-test-ca-cert
+ projected:
+ sources:
+ - secret:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: sh-helm-test-ca-cert
+ optional: true
+ - configMap:
+ name: bindings-type
 - it: should have volume mount for namespace ca-cert
 template: deployment.yaml
 asserts:
@@ -78,8 +76,7 @@ tests:
 path: spec.template.spec.containers[0].volumeMounts
 content:
 name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
 readOnly: true
 - it: should not contain grpc_server_security_enabled env
 asserts:
diff --git a/vorgang-manager-server/src/main/resources/application.yml b/vorgang-manager-server/src/main/resources/application.yml
index 69103ce59..ca964777a 100644
--- a/vorgang-manager-server/src/main/resources/application.yml
+++ b/vorgang-manager-server/src/main/resources/application.yml
@@ -40,8 +40,8 @@ grpc:
 server:
 security:
 enabled: true
- certificate-chain: file:/grpc-tls/cert.pem
- private-key: file:/grpc-tls/key.pem
+ certificate-chain: file:/grpc-tls/tls.crt
+ private-key: file:/grpc-tls/tls.key
 management:
 server:
-- GitLab
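Review bot: The two new paths under `grpc.server.security` depend on the key names inside the `vorgang-manager-grpc-tls-cert` secret (`tls.crt`, `tls.key`) and on the `/grpc-tls` directory mount in the Helm chart, yet nothing in application.yml records that coupling. A comment above `certificate-chain`, such as `# files are the keys of the vorgang-manager-grpc-tls-cert secret, mounted at /grpc-tls by the Helm deployment`, would keep the two in step. The chart marks that secret volume `optional: true` while `enabled: true` is set here, so it is also worth stating what should happen when the secret is absent; the test file hints at an env override, but none is visible in this diff. The `grpc:` block starts outside the hunk.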